TODDzillaInLA Posted April 30, 2021 Share Posted April 30, 2021 i have asked this before but will the option to disabling the r2's provisioning of DNS services becoming soon? ---------- here are my first test results: DNS Benchmark Conclusions & Recommendations What the results you have just obtained mean to YOU The results summary, conclusions, and recommendations from your most recent run of this DNS benchmark are provided below. Please carefully consider the implications of making any changes to your system's current configuration before doing so. ý System has only ONE (router based) nameserver configured. It appears that only one local (router gateway) DNS nameserver, with the IP address of [192.168.77.1], is currently providing all DNS name resolution services to this system. This configuration is not recommended because most consumer-grade routers provide inefficient and under-powered DNS resolution services. Unless the DNS resolvers your router is using is under your control, it may not be providing the best or complete name resolution services. For example, is it using multiple redundant DNS nameservers? Users of GRC's DNS Spoofability system have determined that consumer-grade routers can be crashed by the receipt of specific DNS reply packets from the Internet. This opens the possibility that Internet-based criminals could acquire access to your router from the Internet as well as to the private network in controls. Many consumer-grade routers fail to provide the full range of DNS lookup services. This may have been detected by the benchmark and noted below. Recommended Actions: Unless you have some specific reason not to, you should give serious thought to disabling your router's provisioning of DNS services (which it is providing for all computers on your local network). After this is done, a fresh reboot of your computers will likely reveal the multiple DNS nameservers provided by your ISP. This is a superior configuration, without an under-powered router acting as a incompetent middleman and impeding all DNS access. Note that if you can determine the IP addresses of your ISP-provided nameservers (which may be visible in your router's web configuration) you could manually add them to the nameservers being tested by this benchmark, while also leaving your router providing DNS. This would allow you to compare the performance when running through your router versus "going direct". þ System's sole nameserver is alive and replying to queries. Although this system has only one DNS resolving nameserver, at least it is alive and replying to DNS queries. (If it were not, you would likely be painfully aware, since it would be difficult to accomplish anything requiring Internet access.) þ System nameserver is faster than ALL public alternatives. The DNS resolver your system is using is responding faster than any of the 100% reliable publicly available alternative DNS nameservers this benchmark utility just tested. Therefore, there would be no performance benefit from switching to any of those publicly available nameservers. However, since you only have a single system nameserver configured, it might be useful to use some of the fastest public nameservers as backups if that's possible in your situation. Please also note that this best performance appraisal assumes that this system's nameserver is 100% reliable. See the next item below for an appraisal of your nameserver's reliability. Note: If there appeared to be one or more faster public alternative nameservers, there was enough uncertainty created by the spread of benchmark timing results that it was not possible to be at least 95% confident that any of those faster seeming nameservers really were reliably faster than the nameserver this system is currently using. So it made no sense to alarm you about the need to change things when there was insufficient evidence. þ This system's nameserver is 100% reliable. DNS reliability is extremely important, since lookup requests that are dropped and ignored by nameservers cause significant delays in Internet access while the querying system waits for a reply. The system is then finally forced to reissue the query to the same or to backup nameservers. While your system is patiently waiting for a reply, you are impatiently waiting to get on with your Internet access. During this benchmark test, the system's nameserver tested returned a reply for every request sent. It doesn't get any better than that. Very nice. ý This system's nameserver intercepts name errors. One or more of this system's nameservers intercepts errors and redirects web browsers to a custom page in response to an invalid DNS lookup request. (This is shown with an orange coloring of the nameserver IP address and descriptive text on the benchmark's "Nameserver" page.) This behavior is typically used as a marketing maneuver to redirect mistaken web browser URL entries to the DNS provider's own advertising-laden marketing-related pages. The major ISPs Earthlink, Roadrunner and Comcast are known to be doing this. While this may be regarded as a useful service by some users, others object to the idea of not receiving an error in response to an erroneous request. Some free DNS server providers, such as OpenDNS, allow this behavior to be customized so that erroneous queries can be configured to return an error. Many responsible ISPs are also offering "opt-out" options to prevent advertising interceptions. Recommended Actions: If you feel that this marketing-driven behavior is unacceptable from a DNS nameserver, you may be able to configure the service to return errors. Otherwise, you are free to switch to any alternative high performance and high reliability nameservers that are properly returning errors in response to erroneous queries. If you choose to configure the existing nameserver(s) to return errors, you can use this benchmark utility, at any time, to easily verify that the DNS behavior is what you expect and desire. þ System nameserver is replying to all query types. During the development of this DNS Benchmark we discovered that the routers used by some pre-release testers were not returning results for the benchmark's Uncached and/or Dotcom testing queries. Even though these queries are admittedly unusual, they are completely valid. So the only conclusion was that those few routers were inherently defective. The good news here is that your nameserver is replying to these unusual but valid queries. ____________________________________________________________________ REMEMBER TO CHECK SPOOFABILITY !! Whether you make any changes to your nameservers or not, but especially if you do, be sure to verify the security of your final DNS resolver set by using GRC's free "DNS Spoofability" testing service! http://www.GRC.com/dns/dns.htm _______________________________________________________________________________________________________________________ If you require assistance . . . If you require assistance with the implementation any of the suggested changes to your system's DNS configuration, several sources of help are available: For help with the operation and use of this DNS Benchmark program, please reference the extensive DNS Benchmark pages at the GRC website: http://www.GRC.com/dns/benchmark.htm For help with any of the specific conclusions or recommendations above, please see the DNS Benchmark FAQ (Frequently Asked Questions) page: http://www.GRC.com/dns/benchmark-faq.htm Knowledge of the DNS domain name system is widespread among those in public technical Internet forums. You will very likely be able to obtain answers to any specific questions you may have by asking knowledgeable inhabitants of online communities. GRC maintains and operates a comprehensive online "newsgroup" community and has a specific newsgroup - grc.dns - dedicated to the discussion of DNS issues including this DNS benchmark program (where it was developed) and GRC's online DNS Spoofability testing service. Please see the following web page for help with joining and participating in GRC's terrific newsgroups: http://www.GRC.com/discussions.htm GRC's technical support services are limited to the support of licensees of our commercial software products and do not extend to the support of our freely available software or online services. Please do not write to us (GRC / Gibson Research Corporation) for assistance in connection with this freeware utility. You will find that ample help is freely available within the Internet community. Thank you! - Steve Gibson Please Note: This program is Copyright (c) 2010 by Gibson Research Corporation -- ALL RIGHTS RESERVED. This program is FREEWARE. Although it may not be altered in any way, it MAY BE FREELY COPIED AND DISTRIBUTED onto and through any and all computer media in ANY form or fashion. You are hereby granted the right to do so. • • • Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted April 30, 2021 Administrators Share Posted April 30, 2021 We do have a ticket open for this so I've just reassigned it and left a note. It's on our roadmap so it's unlikely to be a focus in our next few sprints unfortunately Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.